Showing results for tags 'network'.

  1. Introduction

     Botnets are still considered one of the most dangerous cyber threats. These malicious networks of compromised machines are used by cyber criminals and state-sponsored hackers for numerous activities, including DDoS attacks, spam campaigns, and financial scams. The principal problem for a botmaster is to make a botnet resilient against operations run by law enforcement. For operators it is essential to hide Command and Control servers and network traffic to avoid takeover of the malicious infrastructure. The Tor network offers a privileged environment for botmasters that could exploit the popular anonymizing network to hide the C&C servers.

     Tor botnets

     During the Defcon Conference in 2010, security engineer Dennis Brown discussed Tor-based botnets, highlighting pros and cons of the choice to hide C&C servers in the Tor network. The principal advantages of Tor-based botnets are:

       • Availability of Authenticated Hidden Services
       • Availability of Private Tor Networks
       • Possibility of Exit Node Flooding

     Security researchers use traffic analysis to detect botnet activities and to localize the C&C servers. Typically they do this by using Intrusion Detection Systems and network analyzers. Once they’ve detected a botnet, the researchers and law enforcement have different options to eradicate it:

       • Obscuration of the IP addresses assigned to the C&C server
       • Cleaning of server hosting botnet and of the compromised hosts
       • Domain name revoke
       • Hosting provider de-peered

     The botnet traffic is routed to the C&C server through the Tor network that encrypts it, making its analysis more difficult. Brown proposed the following two botnet models that exploit the Tor network:

       • “Tor2Web proxy based model”
       • “Proxy-aware malware over Tor network”

     “Tor2Web proxy based model”

     The routing mechanism relies on the Tor2Web proxy to redirect .onion web traffic.
     The bot has to connect to the hidden service passing through the Tor2Web proxy pointing to an onion address that identifies the C&C server that remains hidden. The principal problem related to this approach is that it is easy to filter Tor2Web traffic, and a similar configuration could suffer from considerable latencies due to the Tor network that could make a botnet built with this approach unresponsive.

     “Proxy-aware Malware over Tor network”

     This approach is based on making use of proxy-aware malware. Due to the absence of the Tor2Web service, the bot agents have to run Tor clients on the infected hosts. The main difference with respect to the first solution is in the requirements for the bot agents and their configuration. Bots need to have SOCKS5 support to reach .onion addresses through the Tor network by loading Tor on the victims’ systems.

     This second approach is more secure because traffic isn’t routed through a proxy and it is entirely within the Tor network due to the direct connection between Bots and C&C servers. This configuration avoids traffic interception from exit nodes that are not involved in the architecture. This approach is more complex from a Bot perspective due to the complexity in managing the SOCKS5 interface and in botnet synchronization. This kind of botnet could be easily detected by the presence of Tor traffic on a network.

     Strengths and weaknesses of Tor botnets

     Among the strengths:

       • Botnet traffic masquerades as legitimate Tor traffic
       • Encryption prevents most Intrusion Detection Systems from finding botnet traffic
       • P2P architecture makes botnets more resilient to take down
       • Difficulty for the localization of the command and control servers (C&C)
       • Hidden Services provide a Tor-specific .onion pseudo top-level domain, which is not exposed to possible sinkholing.
       • The operator can easily move around the C&C servers just by re-using the generated private key for the Hidden Service.
     Among the weaknesses:

       • Complexity of botnet management
       • Risk of botnet fragmentation
       • Latency in the communication

     Tor botnets: real cases

     The Skynet botnet

     One of the first examples of a Tor based botnet is the Skynet botnet that was discovered in December 2012 by experts at G-Data and Rapid7. The bot was a strain of the popular Zeus trojan, which included a Tor client for Windows and a bitcoin mining tool. The researchers at G-Data also reported that Skynet used hidden IRC services with Tor to control the malicious architecture. The Skynet botnet can fulfill different tasks such as mining bitcoin or providing bot agents to involve in illegal activities such as DDoS attacks or spam campaigns.

     Figure 1 – Tor botnet

     Mevade botnet

     Going forward in time, we find the Mevade botnet (a.k.a. Sefnit, LazyAlienBiker). In September 2013 it caused a spike in the number of Tor users, which reached 5 million active users.

     Figure 2 – Tor metrics: Mevade spikes Tor users

     Authors of Mevade’s Tor variant appear to use the Russian language. The purpose of the botnet was the installation of adware and toolbars onto the victim’s systems, mine Bitcoin and steal sensitive information from the infected PC. Experts at TrendMicro revealed that the Mevade malware had also a “backdoor component and communicates over SSH to remote hosts” that made the agent ideal for data theft.

     The Atrax crimekit

     In November 2013, researchers from Danish security firm CSIS discovered a new crimekit, dubbed Atrax, which was sold in the underground market. One of the main features implemented by its authors is the ability to exploit Tor networks to communicate with Command & Control servers.
     The Atrax crimekit was cheap – it was offered for $250, and among the other features implemented by its authors, there were:

       • Virtual currency mining (Bitcoin mining and Litecoin mining)
       • Browser data extraction
       • Availability of a module to run DDoS attacks that offers complete support for both Full IPv6 and IPv4 and implements principal attack techniques including UDP Flood, TCP Flood, TCP Connect Flood, HTTP Slowloris, and many other methods.
       • Data stealing, including Bitcoin wallets (such as Armory, Bitcoin-Qt, Electrum and Multibit).

     Figure 3 – Atrax crimekit

     The Atrax crimekit has a modular structure. The malware includes a series of add-ons that implement the functionalities described. A plugin which implements a data stealer was sold for $110, the form grabber runs for $300, and an experimental add-on for coin mining was sold for $140. It’s interesting to note that the Atrax crimekit was sold with free updates, bug fixes and support.

     Below a list of standard features present in the Atrax crimekit:

       • Kill
       • Update
       • Download (over Tor), Execute (Commandline-Parameter allowed)
       • Download (over Tor), Execute (Commandline-Parameter allowed) in memory
       • Install Plugin
       • Installation List (A list with all installed applications)

     64-bit ZeuS banking trojan using Tor network

     In December 2013, security researchers at Kaspersky Lab detected a new strain of the popular Zeus trojan. The new variant was designed to operate on 64-bit, and authors enhanced the malicious code with the support of communication through the Tor network. This version of the popular banking trojan also used a web injection mechanism to steal banking credentials from the victim’s browser. It was also able to steal digital certificates and implement a keystrokes feature. The authors implemented a communication mechanism with the C&C server over the Tor network, a feature that makes it more difficult for law enforcement and security firms to track botnets.
     The 64-bit version of the Zeus banking trojan executes a Tor component, starting the svchost application in suspended mode and then injecting the Tor code into that process, running it in a stealth mode. The malicious traffic was routed through TCP port 9050 and the stolen data were sent to the onion domain with address egzh3ktnywjwabxb [.] onion.

     “Tor.exe is launched indirectly — ZeuS starts the system svchost.exe application in suspended mode, then injects the tor.exe code into this suspended svchost.exe process, tunes the code to run properly and resumes execution of the suspended svchost,” Tarakanov explains. “As a result, instead of the system svchost.exe, the process actually starts executing tor.exe.” states the blog post published on SecureList.

     Figure 4 – The Tor utility under the cover of the svchost.exe process creates an HTTP proxy server

     Another peculiarity of the malware is that it instantiates a hidden service that creates a configuration file for any victims, which includes a unique private key for the service and an exclusive domain. The feature allows the botmaster to control the architecture via Tor.

     “The botnet operator will be aware of the generated onion domain related to every infected machine as the malware informs the CnC about its tor domain name. So, when an infected machine is online the botnet operator can reach it connecting to its unique onion domain via the Tor network. One purpose of this approach is the remote control of the infected host. For example, one of these ports specifically listens to in the VNC function of ZeuS, obviously meaning that ZeuS provides remote desktop control to the operator via this port,” continues the post.

     This version of the Zeus trojan was able to trigger its execution after one program within a list of 100 predefined applications is started.
     ChewBacca financial malware

     In early 2014 the researchers at RSA discovered a variant of the banking Trojan ChewBacca that was used to steal credit card data from infected POS systems. Also in this case, the botnet was controlled by servers hidden in the Tor network. According to the experts at RSA, the botnet based on the ChewBacca POS variant was used against customers in at least 11 countries (including US, Russia, Canada and Australia) since October 25, 2013. The malware was able to steal credit card data with “keylogger” capabilities or dumping the memory content of POS systems in search for credit card details. The bot is able to collect track 1 and track 2 data of payment card during purchases.

     “Chewbacca code was compiled with Free Pascal 2.7.1., once executed windows based system, it drops as spoolsv.exe in the startup folder and also drops a copy of Tor 0.2.3.25.”

     “After execution, the function “P$CHEWBACCA$_$TMYAPPLICATION_$__$$_INSTALL” is called, which drops itself as “spoolsv.exe” into the “Startup folder” (e.g. C:\Documents and Settings\All Users\Start Menu\Programs\Startup) and requests the public IP of the victim via a publicly accessible service at http://ekiga.net/ip (which is not related to the malware). Tor is dropped as “tor.exe” to the user’s Temp and runs with a default listing on “localhost:9050”.”

     Figure 5 – ChewBacca console

     The Bifrose malware

     In August 2014, researchers from TrendMicro detected a new variant of the Bifrose malware leveraging on the Tor network. The new variant of the Bifrose backdoor was used in a targeted attack against a device manufacturer. Bifrose has been around for many years, and it is quite easy to acquire in the underground. The malware has a data stealing ability, but it is mostly popular for its keylogging routines.
     The variant detected by the malware experts at TrendMicro (detected as BKDR_BIFROSE.ZTBG-A – hash 5e2844b20715d0806bfa28bd0ebcba6cbb637ea1) leverages the Tor network to hide communications between the infected machines and the C&C server.

     “What makes this variant more elusive is its ability of Tor to communicate with its command-and-control [C&C] server,” reports a blog post published by TrendMicro.

     The Bifrose malware was widely used by cyber criminals. In 2010 a threat actor targeted human resource (HR) personnel of different government offices, including the African Union and the NATO. The Bifrose variant used in the targeted attack on the device manufacturer was able to perform the following operations, as explained in the blog post:

       • Download a file
       • Upload a file
       • Get file details (file size, last modified time)
       • Create a folder
       • Delete a folder
       • Open a file using ShellExecute
       • Execute a command line
       • Rename a file
       • Enumerate all windows and their process IDs
       • Close a window
       • Move a window to the foreground

     OnionDuke: APT Attacks exploited the Tor Network

     In November 2014, the experts from F-Secure discovered a link between the crew operating a rogue Tor node used to spread OnionDuke malware and MiniDuke APT. Just a month before, the security researcher Josh Pitts of Leviathan Security Group identified a Russian Tor exit node that was patching the binaries downloaded by the users with malware. The expert reported it to officials of the Tor Project, who flagged the Tor exit node as bad and shut it down. Further investigations on the case revealed that the threat actors that managed the node were serving malware through the explained scheme for more than a year.

     Figure 7 – OnionDuke infection

     The bad actors used the Tor exit node to serve a backdoor, dubbed OnionDuke, to the victim’s machine with a man-in-the-middle attack in the downloading phase. Security experts at F-Secure discovered that the rogue exit node was tied to the MiniDuke criminal crew.
     MiniDuke is the name of a sophisticated cyber espionage campaign discovered in 2013 by experts at Kaspersky Lab and Hungary’s Laboratory of Cryptography and System Security (CrySyS). The MiniDuke APT infected dozens of machines at government agencies across Europe. Exploiting a security flaw in Adobe software, the malicious payload is dropped once the victim opens the malicious PDF file. The malware was used by attackers to steal sensitive data from government and high profile entities. The researchers speculated that the level of sophistication and the nature of the chosen targets suggest that the attacks are part of a state-sponsored espionage campaign.

     According to the experts, “OnionDuke,” the malware spread through the bogus exit node, is a malware different from the ones used in the past by the threat actors behind the MiniDuke crew. It must be noted that all five domains contacted by OnionDuke aren’t dedicated malicious servers. Instead, they are legitimate websites compromised by threat actors. The experts identified different samples of the malware and multiple other components of the OnionDuke malware family, which were designed to execute specific tasks like data stealing.

     The analysis of the various samples allowed the researchers at F-Secure to discover the link with the MiniDuke gang. The owner of the Command & Control (C&C) server used to control a sample of the OnionDuke backdoor (W32/OnionDuke.A) is the same that was involved in the MiniDuke agent. This circumstance suggests that although OnionDuke and MiniDuke are two separate strains of malware, the threat actors behind them shared the control infrastructure.

     “One component, however, is an interesting exception. This DLL file (SHA1 d433f281cf56015941a1c2cb87066ca62ea1db37, detected as Backdoor:W32/OnionDuke.A) contains among its configuration data a different hardcoded C&C domain, overpict.com and also evidence suggesting that this component may abuse Twitter as an additional C&C channel.
     What makes the overpict.com domain interesting, is it was originally registered in 2011 with the alias of ‘John Kasai’. Within a two-week window, ‘John Kasai’ also registered the following domains: airtravelabroad.com, beijingnewsblog.net, grouptumbler.com, leveldelta.com, nasdaqblog.net, natureinhome.com, nestedmail.com, nostressjob.com, nytunion.com, oilnewsblog.com, sixsquare.net and ustradecomp.com. This is significant because the domains leveldelta.com and grouptumbler.com have previously been identified as C&C domains used by MiniDuke,” reports F-Secure in the blog post.

     CryptoWall Ransomware is resurrected with new features

     In early 2015, the researchers at Cisco’s Talos group published an analysis of a new variant of Cryptowall ransomware that implements a series of new features, including the exploitation of the Tor anonymity network to hide its command-and-control infrastructure. The new variant of CryptoWall was improved by cyber criminals that applied the necessary modifications to its code to make it resilient to the operation of law enforcement. Cisco’s Talos Security Intelligence and Research Group reported that the new strain of the CryptoWall ransomware is able to distinguish between 32- and 64-bit architectures and to execute different versions for each and OS, including the newest versions of Mac OS X.

     “The latest Cryptowall 2.0, utilizes TOR to obfuscate the command and control channel. The dropper utilizes multiple exploits to gain initial access and incorporates anti-vm and anti-emulation checks to hamper identification via sandboxes. The dropper and downloaded Cryptowall binary actually incorporate multiple levels of encryption. One of the most interesting aspects of this malware sample, however, is its capability to run 64 bit code directly from its 32 bit dropper,” states the report.

     The attack chain starts with a phishing mail that includes the CryptoWall variant in a “.zip” attachment.
     The compressed archive included an exploit that relies on a Microsoft privilege escalation vulnerability (CVE-2013-3660) to compromise the target machine.

     “CryptoWall 2.0 can be delivered through multiple attack vectors, including email attachments, malicious pdf files and even various exploit kits. In the sample that we analyzed, the dropper utilized CVE-2013-3660, ‘Win32k.sys Elevation of Privilege Vulnerability’ to achieve the initial privilege escalation on X86 based machines. This exploit works on 32 bit OSs starting beginning with Vista. The dropper even includes a 64-bit DLL that is able to trigger the exploit in all the vulnerable AMD64 Windows Systems.”

     This new variant of CryptoWall also implements an anti-VM and anti-emulation check pass that prevents the execution in a virtualized environment for malware analysis. CryptoWall implements a multistep decryption. In the first phase, it decrypts just a first portion of code to check if it is running in a virtualized environment. If it passes the check, it then continues to decrypt. According to the Cisco researchers, the feature could be exploited to prevent the execution of the malware by adding fake entries in the file system that indicate a virtual machine is running.

     Once it has infected the machine, the sample connects to the Tor Servers with an encrypted SSL connection on port 443 or 9090. The C&C servers discovered by the researchers were using the following Tor URLs:

       • crptarv4hcu24ijv.onion
       • crptbfoi5i54ubez.onion
       • crptcj7wd4oaafdl.onion

     “Using hardcoded IP address in the PE, the malware connects to the TOR Server with an encrypted SSL connection on port 443 or 9090. After successfully connecting, it starts to generate the Cryptowall domain names using a customized Domain Generation Algorithm (DGA). The algorithm is located at offset + 0x2E9FC.”

     Critroni ransomware

     Recently a security researcher analyzed a new ransomware dubbed Critroni, which is being sold in different underground forums.
     Critroni (aka CTB-Locker) is the name of a new ransomware that has been recently included in the Angler exploit kit. A detailed analysis of the ransomware was posted on “Malware.dontneedcoffee.com” by the French security researcher Kafeine. Critroni implements many functionalities, including the ability to exploit the Tor network to host its command and control.

     “Placing a server in onion-domain (TOR), close to domain abuse can not be practically impossible to trace the owner and shut down the server. Connection to the server only after encryption of all files. Early Detection is not possible on the traffic, it is impossible to block the work of the locker. Blocking TOR prevents only payment the user, not the program. Analogs are connected to the server until the crypt and can block,” states the ad for the malware.

     The experts explained that the success of the Critroni ransomware was advantaged by the takedown of the GameOver Zeus managed by law enforcement last year. The botnet in fact was used by cyber criminals to serve CryptoLocker ransomware. Around the same time in mid-June, security researchers began seeing advertisements for the Critroni ransomware on underground forums. The malware was sold for around $3,000.

     The Critroni agent was initially spread exclusively in Russia; later its presence was detected in many other countries worldwide. Many criminal groups are using Critroni for their extortion activities. They used to serve the ransomware as part of the Angler exploit kit, which serves a spambot on victims’ machines. The spambot module is used by malware authors to drop a couple of other payloads. One of them is Critroni. Critroni encrypts a variety of files on the targeted machine and then displays a dialogue box that demands a payment in Bitcoins in order to decrypt the files.

     Figure 8 – Critroni ransomware

     Victims have to pay the ransom within 72 hours. If they haven’t any Bitcoins, the ransomware provides detailed instructions on how to acquire them.
     I2P botnet: real cases

     Not only Tor network – CryptoWall 3.0 uses I2P network

     The Tor network isn’t the only anonymizing network exploited by malware authors to hide their malicious infrastructure. In early 2015 a new version of the infamous CryptoWall ransomware was spotted by Microsoft, just a week after the Cisco’s Talos Security Intelligence and Research Group announced the discovery of a new strain of the same malware that exploits the Tor network. The new variant of CryptoWall ransomware, like others, is distributed via malicious email and through malvertising campaigns.

     This variant was dubbed by the researchers CryptoWall 3.0 or Win32/Crowti, and it isn’t so different from previous instances. However, the experts noted that the names of the files containing the ransom demand have been changed to “HELP_DECRYPT.” This variant customizes files for each infected machine and provides victims a personalized link to a page that contains instructions. The instruction page is still reached through the Tor network. The victims of the CryptoWall 3.0 are given 7 days to pay $500 in Bitcoins if they want to decrypt their documents, but if they don’t pay in 7 days, the ransom increases to $1,000.

     On January 12, Microsoft identified 288 unique CryptoWall ver. 3.0 infections. “The graph below shows the spike after two days of no activity from 288 unique machines affected by this malware,” reads the post published by Microsoft.

     Figure 9 – Cryptowall ver. 3.0 infections

     The French researcher Kafeine who analyzed CryptoWall 3.0 reported that the communications to C&C server are encoded with the RC4 cipher. Another feature implemented in the latest variant of the malware is the support of I2P (Invisible Internet Project) for C&C communications.

     “It seems communication with the C&C are Rc4 encoded (key seems to be alphanum sorted path of the POST ) and using i2p protocol,” said Kafeine.
     I2P is another anonymizing network used to hide the location of the control servers and make the botnet resilient to law enforcement. Also recently, a new version of the popular black market Silk Road, Silk Road Reloaded, migrated on I2P, probably because at this moment there is the conviction that it is more secure than Tor.

     It happens now … new Dyre banking trojan variant

     A few days ago, the experts at TrendMicro spotted a new variant of the DYRE/Dyreza banking malware with new propagation and evasion techniques. The malware is spread through malicious emails containing the Upatre downloader disguised as a fax or the details of a package delivery, but once it is executed, the download drops the new Dyre variant, which in turn downloads the WORM_MAILSPAM.XDP worm.

     The propagation technique implemented by the cyber criminals is very effective. The worm exploits the Microsoft Outlook email client present on the victim’s machine to spread spam emails with the Upatre downloader attached to them. The emails aren’t sent to the victim’s contacts, instead they are sent to email addresses passed by the C&C server. Once the emails are sent by the worm, it deletes itself.

     This variant of Dyre uses hard-coded addresses for its IP addresses. The malware authors also implemented backup mechanisms for command and control infrastructure that rely on a URL provided by the malware’s domain generation algorithm (DGA) or a hard-coded address of a C&C server hidden on the Invisible Internet Project (I2P) network.

     Figure 10 – Dyre I2P

     In this case, the I2P network is used as a supplementary way to control the botnet, a choice to make it more resilient to attacks.

     Conclusion

     Security experts believe that malware authors will continue to exploit anonymizing networks like Tor and I2P. Analyzing the timeline of malware detections made by principal security firms, cyber criminals have been increasing the adoption of such networks since 2012.
     Figure 11 – Malware in the Deep Web (Security Affairs)

     Malware authors will exploit the Deep Web basically as a backup mechanism for their botnet and to make them more resistant to various kinds of attacks operated by law enforcement.

     References

       • Skynet, the potential use of Tor as a bulletproof botnet - Security Affairs
       • OnionDuke: APT Attacks exploited the Tor Network - Security Affairs
       • New crimekit Atrax exploits Tor, mines Bitcoin and much more - Security Affairs
       • Detected 64-bit ZeuS banking trojan using Tor network - Security Affairs
       • http://securityaffairs.co/wordpress/27885/cyber-crime/bifrose-uses-tor.html
       • http://blogs.cisco.com/security/talos/cryptowall-2
       • http://malware.dontneedcoffee.com/2014/07/ctb-locker.html
       • http://securityaffairs.co/wordpress/26763/cyber-crime/critroni-ransomware-use-tor.html
       • http://securityaffairs.co/wordpress/31993/cyber-crime/cryptowall-ransomware-2-0.html
       • http://securityaffairs.co/wordpress/21795/malware/tor-based-chewbacca-infect-pos.html
       • https://community.rapid7.com/community/infosec/blog/2012/12/06/skynet-a-tor-powered-botnet-straight-from-reddit
       • https://www.defcon.org/images/defcon-18/dc-18-presentations/D.Brown/DEFCON-18-Brown-TorCnC.pdf
       • https://blog.gdatasoftware.com/blog/article/botnet-command-server-hidden-in-tor.html
       • http://securityaffairs.co/wordpress/13747/cyber-crime/http-botnets-the-dark-side-of-an-standard-protocol.html
       • http://contagiodump.blogspot.it/2014/11/onionduke-samples.html?m=1
       • http://securelist.com/blog/events/58184/the-inevitable-move-64-bit-zeus-enhanced-with-tor/
       • http://securityaffairs.co/wordpress/17601/cyber-crime/botnet-behind-tor-traffic-surge.html

     Source: http://resources.infosecinstitute.com/hunting-malware-deep-web/
  2. Millions of PSN gamers, who were hit by a massive data breach on Sony's Playstation network back in 2011, are finally being offered the opportunity to claim compensation from the company.

     Stateside victims of the hack attack – PSN, Qriocity and Sony Online Entertainment subscribers who held an account before 15 May 2011 – have been encouraged to file an online form as part of a settlement deal to end a class action lawsuit brought against the Japanese tech giant.

     A number of claims can be submitted by U.S. netizens affected by the assault on Sony's computer network systems. Victims can either claim one free game, up to three themes or a free subscription to Playstation Plus for three months for those subscribers not already signed up to that option. While those affected by identity theft can claim up to $2,500 in compensation.

     Sony, which offered a $15m settlement deal to PSN gamers in July last year, said:

     The proposed settlement offers payments equal to credit balances (if applicable credit balance is $2 or more) in inactive accounts, game and online service benefits for holders of active accounts, and reimbursements for certain out-of-pocket expenses from any identity theft proven to have resulted from the intrusions.

     In the UK, Sony was slapped with a £250,000 fine by the Information Commissioner's Office, after it concluded that the Data Protection Act had been violated following the 2011 hack attack. The personal info of millions of Brits – including names, addresses and account passwords – were stolen by malefactors who infiltrated Sony's PlayStation Network systems.

     In January 2013, Blighty's data cops concluded that the breach of around 77 million gamers could have been prevented if Sony had adequate security measures in place, such as hashing and salting log-ins and keeping system patches up to date. Despite that admonishment, Sony has refused to accept any responsibility for the attack. ®

     Source
  3. SATELLITE NETWORKING PRINCIPLES AND PROTOCOLS, SECOND EDITION. Author: Zhili Sun, University of Surrey, UK

    Contents

    List of Figures; List of Tables; About the Author; Preface; Acknowledgements

    1 Introduction: 1.1 Applications and Services of Satellite Networks; 1.1.1 Roles of Satellite Networks; 1.1.2 Network Software and Hardware; 1.1.3 Satellite Network Interfaces; 1.1.4 Network Services; 1.1.5 Applications; 1.2 ITU-R Definitions of Satellite Services; 1.2.1 Fixed Satellite Service (FSS); 1.2.2 Mobile Satellite Service (MSS); 1.2.3 Broadcasting Satellite Service (BSS); 1.2.4 Other Satellite Services; 1.3 ITU-T Definitions of Network Services; 1.3.1 Interactive Services; 1.3.2 Distribution Services; 1.4 Internet Services and Applications; 1.4.1 World Wide Web (WWW); 1.4.2 File Transfer Protocol (FTP); 1.4.3 Telnet; 1.4.4 Electronic Mail (email); 1.4.5 Multicast and Content Distribution; 1.4.6 Voice over Internet Protocol (VoIP); 1.4.7 Domain Name System (DNS); 1.5 Circuit-switching Network; 1.5.1 Connection Set Up; 1.5.2 Signalling; 1.5.3 Transmission Multiplexing Hierarchy based on FDM; 1.5.4 Transmission Multiplexing Hierarchy based on TDM; 1.5.5 Space Switching and Time Switching; 1.5.6 Coding Gain of Forward Error Correction (FEC); 1.6 Packet-switching Networks; 1.6.1 Connection-oriented Approach; 1.6.2 Connectionless Approach; 1.6.3 Relationship between Circuit-switching and Packet-switching; 1.6.4 Considerations of Packet Network Designs; 1.6.5 Packet Header and Payload; 1.6.6 Complexity and Heterogeneous Networks; 1.6.7 Performance of Packet Transmissions; 1.6.8 Impact of Bit Level Errors on Packet Level; 1.7 OSI/ISO Reference Model; 1.7.1 Protocol Terminology; 1.7.2 Layering Principle; 1.7.3 Functions of the Seven Layers; 1.7.4 Fading of the OSI/ISO Reference Model; 1.8 The ATM Protocol Reference Model; 1.8.1 Narrowband ISDN (N-ISDN); 1.8.2 Broadband ISDN (B-ISDN); 1.8.3 ATM Technology; 1.8.4 Reference Model; 1.8.5 Problems: Lack of Available Services and Applications; 1.9 Internet Protocols Reference Model; 1.9.1 Network Layer: IP Protocol; 1.9.2 Network Technologies; 1.9.3 Transport Layer: TCP and UDP; 1.9.4 Application Layer; 1.9.5 QoS and Control on Resources; 1.10 Satellite Network; 1.10.1 Access Network; 1.10.2 Transit Network; 1.10.3 Broadcast Network; 1.10.4 Space Segment; 1.10.5 Ground Segment; 1.10.6 Satellite Orbits; 1.10.7 Satellite Transmission Frequency Bands; 1.11 Characteristics of Satellite Networks; 1.11.1 Propagation Delay; 1.11.2 Propagation Loss and Power Limited; 1.11.3 Orbit Space and Bandwidth Limited for Coverage; 1.11.4 Operational Complexity for LEO; 1.12 Channel Capacity of Digital Transmissions; 1.12.1 The Nyquist Formula for Noiseless Channels; 1.12.2 The Shannon Theorem for Noise Channels; 1.12.3 Channel Capacity Boundary; 1.12.4 The Shannon Power Limit (-1.6 dB); 1.12.5 Shannon Bandwidth Efficiency for Large Eb/N0; 1.13 Internetworking with Terrestrial Networks; 1.13.1 Repeaters at the Physical Layer; 1.13.2 Bridges at the Link Layer; 1.13.3 Switches at the Physical, Link and Network Layers; 1.13.4 Routers for Interconnecting Heterogeneous Networks; 1.13.5 Protocol Translation, Stacking and Tunnelling; 1.13.6 Quality of Service (QoS); 1.13.7 End-user QoS Class and Requirements; 1.13.8 Network Performance; 1.13.9 QoS and NP for Satellite Networking; 1.14 Digital Video Broadcasting (DVB); 1.14.1 The DVB Standards; 1.14.2 Transmission System; 1.14.3 Adaptation to Satellite Transponder Characteristics; 1.14.4 Channel Coding; 1.14.5 Reed-Solomon (RS) Outer Coding, Interleaving and Framing; 1.14.6 Inner Convolutional Coding; 1.14.7 Baseband Shaping and Modulation; 1.14.8 Error Performance Requirements; 1.15 DVB-S Satellite Delivery; 1.15.1 MPEG-2 Baseband Processing; 1.15.2 Transport Stream (TS); 1.15.3 Service Objectives; 1.15.4 Satellite Channel Adaptation; 1.15.5 DVB Return Channel over Satellite (DVB-RCS); 1.15.6 TCP/IP over DVB; 1.16 DVB Satellite Second Generation (DVB-S2); 1.16.1 Technology Novelty in the DVB-S2; 1.16.2 Transmission System Architecture; 1.16.3 Error Performance; 1.17 DVB Satellite Services to Handheld Devices (DVB-SH); 1.17.1 Transmission System Architecture; 1.17.2 Common Functions for both TDM and OFDM Modes; 1.17.3 Functions for Single Carrier (TDM) Mode; 1.17.4 Functions for Multi Carrier (OFDM) Mode; 1.17.5 DVB-RCS2; 1.18 Historical Development of Computer and Data Networks; 1.18.1 Dawn of the Computer and Data Communications Age; 1.18.2 Development of Local Area Networks (LANs); 1.18.3 Development of WANs and ISO/OSI; 1.18.4 Birth of the Internet; 1.18.5 Integration of Telephony and Data Networks; 1.18.6 Development of Broadband Integrated Networks; 1.18.7 The Killer Application WWW and Internet Evolutions; 1.19 Historical Development of Satellite Communications; 1.19.1 Start of Satellite and Space Eras; 1.19.2 Early Satellite Communications: TV and Telephony; 1.19.3 Development of Satellite Digital Transmission; 1.19.4 Development of Direct-to-Home (DTH) Broadcast; 1.19.5 Development of Satellite Maritime Communications; 1.19.6 Satellite Communications in Regions and Countries; 1.19.7 Satellite Broadband Networks and Mobile Networks; 1.19.8 Internet over Satellite Networks; 1.20 Convergence of Network Technologies and Protocols; 1.20.1 Convergence of Services and Applications in User Terminals; 1.20.2 Convergence of Network Technologies; 1.20.3 Convergence of Network Protocols; 1.20.4 Satellite Network Evolution; Further Readings; Exercises

    2 Satellite Orbits and Networking Concepts: 2.1 Laws of Physics; 2.1.1 Kepler's Three Laws; 2.1.2 Newton's Three Laws of Motion and The Universal Law of Gravity; 2.1.3 Kepler's First Law: Satellite Orbits; 2.1.4 Kepler's Second Law: Area Swept by a Satellite Vector; 2.1.5 Kepler's Third Law: Orbit Period; 2.1.6 Satellite Velocity; 2.2 Satellite Orbit Parameters; 2.2.1 Semi-Major Axis (a); 2.2.2 Eccentricity (e); 2.2.3 Inclination of Orbit (i); 2.2.4 Right Ascension of the Node (Ω) and Argument of Perigee (ω); 2.3 Useful Orbits; 2.3.1 Geosynchronous Earth Orbits; 2.3.2 Geostationary Earth Orbits (GEOs); 2.3.3 High Elliptical Orbits (HEOs); 2.3.4 Notations of Low Earth Orbit (LEO) Satellite Constellations; 2.3.5 Orbital Perturbations; 2.3.6 Satellite Altitude and Coverage; 2.3.7 Antenna Gain and Beam-width Angle; 2.3.8 Coverage Calculations; 2.3.9 Distance and Propagation Delay from Earth Station to Satellite; 2.4 Satellite Link Characteristics and Modulations for Transmissions; 2.4.1 Satellite Link Characteristics; 2.4.2 Modulation Techniques; 2.4.3 Phase Shift Keying (PSK) Schemes for Satellite Transmissions; 2.4.4 Binary Phase Shift Keying (BPSK); 2.4.5 Quadrature PSK (QPSK); 2.4.6 Gaussian-filtered Minimum Shift Keying (GMSK); 2.4.7 Bit Error Rate (BER): the Quality Parameter of Modulation Schemes; 2.4.8 Satellite Networking in the Physical Layer; 2.5 Forward Error Correction (FEC); 2.5.1 Linear Block Codes; 2.5.2 Cyclic Codes; 2.5.3 Trellis Coding and Convolutional Codes; 2.5.4 Concatenated Codes; 2.5.5 Turbo Codes; 2.5.6 Performance of FEC; 2.6 Multiple Access Techniques; 2.6.1 Frequency Division Multiple Access (FDMA); 2.6.2 Time Division Multiple Access (TDMA); 2.6.3 Code Division Multiple Access (CDMA); 2.6.4 Comparison of FDMA, TDMA and CDMA; 2.7 Bandwidth Allocation; 2.7.1 Fixed Assignment Access; 2.7.2 Demand Assignment; 2.7.3 Random Access; 2.8 Satellite Networking Issues; 2.8.1 Single-hop Satellite Connections; 2.8.2 Multi-hop Satellite Connections; 2.8.3 Inter-satellite Links (ISL); 2.8.4 Handovers; 2.8.5 Satellite Intra-beam and Inter-beam Handovers; 2.8.6 Earth Fixed Coverage versus Satellite Fixed Coverage; 2.8.7 Routing within a Constellation of Satellite Networks; 2.8.8 Internetworking; 2.8.9 Satellite Availability and Diversity; Further Readings; Exercises

    3 B-ISDN ATM and Internet Protocols: 3.1 ATM Protocol and Fundamental Concepts; 3.1.1 Packetisation Delay; 3.1.2 Queuing Delay; 3.1.3 Compromise Solution Between North America and Europe; 3.2 ATM Layer; 3.2.1 The GFC Field; 3.2.2 The VPI and VCI Fields; 3.2.3 The CLP Field; 3.2.4 The PT Field; 3.2.5 The HEC Field; 3.3 ATM Adaptation Layer (AAL); 3.3.1 AAL1 for Class A; 3.3.2 AAL2 for Class B; 3.3.3 AAL3/4 for Classes C and D; 3.3.4 AAL5 for Internet Protocol; 3.4 The Physical Layer; 3.4.1 The Physical Medium (PM) Sublayers; 3.4.2 The Transmission Convergence (TC) Sublayer; 3.4.3 ATM Cell Transmissions; 3.5 ATM Interfaces and ATM Networking; 3.5.1 User-Network Access; 3.5.2 Network Node Interconnections; 3.5.3 ATM DXI; 3.5.4 B-ICI; 3.5.5 Permanent Virtual Connections versus Switched Virtual Connections; 3.5.6 ATM Signalling; 3.5.7 ATM Addressing; 3.5.8 Address Registration; 3.6 Network Traffic, QoS and Performance Issues; 3.6.1 Traffic Descriptors; 3.6.2 QoS Parameters; 3.6.3 Performance Issues; 3.7 Network Resource Management; 3.7.1 Connection Admission Control (CAC); 3.7.2 UPC and NPC; 3.7.3 Priority Control and Congestion Control; 3.7.4 Traffic Shaping; 3.7.5 Generic Cell Rate Algorithm (GCRA); 3.7.6 Leaky Bucket Algorithm (LBA); 3.7.7 Virtual Scheduling Algorithm (VSA); 3.8 Internet Protocols; 3.8.1 Internet Networking Basics; 3.8.2 Protocol Hierarchies; 3.8.3 Connectionless Network Layer; 3.8.4 The IP Packet Format; 3.8.5 IP Address; 3.8.6 Mapping Between Internet and Physical Network Addresses; 3.8.7 ARP, RARP and HDCP; 3.9 Internet Routing Protocols; 3.9.1 The Interior Gateway Routing Protocol (IGRP); 3.9.2 The Exterior Gateway Routing Protocol (EGRP); 3.10 Transport Layer Protocols: TCP and UDP; 3.10.1 Transmission Control Protocol (TCP); 3.10.2 The TCP Segment Header Format; 3.10.3 Connection Set Up and Data Transmission; 3.10.4 Congestion and Flow Control; 3.10.5 User Datagram Protocol (UDP); 3.11 IP and ATM Internetworking; 3.11.1 Packet Encapsulation; 3.11.2 IP and ATM Address Resolution; Further Readings; Exercises

    4 Satellite Internetworking with Terrestrial Networks: 4.1 Networking Concepts; 4.2 Networking Terminology; 4.2.1 Private Network; 4.2.2 Public Network; 4.2.3 Quality Aspects of Telephony Services; 4.2.4 IP Based Network; 4.3 Network Elements and Connections; 4.3.1 Network Terminals; 4.3.2 Network Nodes; 4.3.3 Network Connections; 4.3.4 End-to-End Paths; 4.3.5 Reference Configurations; 4.4 Network Traffic and Signalling; 4.4.1 User Traffic and Network Services; 4.4.2 Signalling Systems and Signalling Traffic; 4.4.3 In-band Signalling; 4.4.4 Out-of-Band Signalling; 4.4.5 Associated and Disassociated Channel Signalling; 4.4.6 Network Management; 4.4.7 Network Operation Systems and Mediation Functions; 4.5 Access and Transit Transmission Networks; 4.5.1 Analogue Telephony Networks; 4.5.2 Telephony Network Traffic Engineering Concept; 4.5.3 Access to Satellite Networks in the Frequency Domain; 4.5.4 On-Board Circuit Switching; 4.6 Digital Telephony Networks; 4.6.1 Digital Multiplexing Hierarchy; 4.6.2 Satellite Digital Transmission and On-Board Switching; 4.6.3 Plesiochronous Digital Hierarchy (PDH); 4.6.4 Limitations of PDH; 4.7 Synchronous Digital Hierarchy (SDH); 4.7.1 Development of SDH; 4.7.2 The SDH Standards; 4.7.3 Mapping from PDH to SDH; 4.7.4 The Benefits of SDH; 4.7.5 Synchronous Operation; 4.7.6 Synchronous Optical Network (SONET); 4.7.7 SDH Over Satellite - The Intelsat Scenarios; 4.8 Hypothetical References for Satellite Networks; 4.8.1 ITU-T Hypothetical Reference Connection (HRX); 4.8.2 ITU-R Hypothetical Reference Digital Path (HRDP) for Satellite; 4.8.3 Performance Objectives; 4.9 Satellites and MANET; 4.9.1 Networking Scenarios; 4.10 Interworking with Heterogeneous Networks; 4.10.1 Services; 4.10.2 Addressing; 4.10.3 Routing; 4.10.4 Evolution; Further Readings; Exercises

    5 B-ISDN ATM over Satellite Networks: 5.1 Background; 5.1.1 Networking Issues; 5.1.2 Satellite Services in the B-ISDN Networking Environment; 5.2 Design Issues of Satellite B-ISDN ATM Systems; 5.2.1 Propagation Delay; 5.2.2 Attenuation and Constraints; 5.3 The GEO Satellite B-ISDN ATM Networking Architecture; 5.3.1 Ground Segment; 5.3.2 Space Segment; 5.3.3 Satellite Bandwidth Resource Management; 5.3.4 Connection Admission Control (CAC); 5.3.5 Network Policing Functions; 5.3.6 Reactive Congestion Control; 5.4 Advanced Satellite B-ISDN ATM Networks; 5.4.1 Radio Access Layer; 5.4.2 On-Board Processing (OBP) Characteristics; 5.4.3 B-ISDN ATM On-Board Switch; 5.4.4 Multibeam Satellites; 5.4.5 LEO/MEO Satellite Constellations; 5.4.6 Inter-Satellite Links (ISL); 5.4.7 Mobility Management; 5.4.8 Use of Higher Frequency Spectrum; 5.5 B-ISDN ATM Performance; 5.5.1 Layered Model of Performance for B-ISDN; 5.5.2 Network Performance Parameters; 5.5.3 Impact of Satellite Burst Errors on the ATM Layer; 5.5.4 Impact of Burst Errors on AAL Protocols; 5.5.5 Error Control Mechanisms; 5.5.6 Enhancement Techniques for Broadband Satellite Networks; 5.6 Evolution of Broadband Satellite Systems; Further Readings; Exercises

    6 Internet Protocol (IP) over Satellite Networks: 6.1 Different Viewpoints of Satellite Networking; 6.1.1 Protocol-centric Viewpoint of Satellite IP Network; 6.1.2 Satellite-centric Viewpoint of Global Networks and the Internet; 6.1.3 Network-centric Viewpoint of Satellite Networks; 6.2 IP Packet Encapsulation; 6.2.1 Basic Concepts; 6.2.2 High-level Data Link Control (HDLC) Protocol; 6.2.3 Point-to-Point Protocol (PPP); 6.2.4 Media Access Control; 6.2.5 IP Over Satellite; 6.3 Satellite IP Networking; 6.3.1 Routing On-Board Satellites; 6.3.2 IP Mobility in Satellite Networks; 6.3.3 Address Resolution; 6.4 IP Multicast Over Satellite; 6.4.1 IP Multicast Concepts; 6.4.2 IP Multicast Addressing; 6.4.3 Multicast Group Management; 6.4.4 IP Multicast Routing; 6.4.5 IP Multicast Scope; 6.4.6 IGMP Behaviour in Satellite Environments; 6.4.7 Multicast Routing Protocols in Satellite Environments; 6.4.8 Reliable Multicast Protocols Over Satellites; 6.5 Basic Network Security Mechanisms; 6.5.1 Security Approaches; 6.5.2 Single-direction Hashing Functions; 6.5.3 Symmetrical Codes (With Secret Keys); 6.5.4 Asymmetrical Codes (With Public/Private Keys); 6.6 Satellite Networking Security; 6.6.1 IP Security (IPsec); 6.6.2 Firewall and VPN; 6.6.3 IP Multicast Security; 6.7 Internet Quality of Service (IP QoS); 6.7.1 Layered Model of Performance for IP Service; 6.7.2 IP Packet Transfer Performance Parameters; 6.7.3 IP Network Performance Objectives for QoS Classes; 6.7.4 Guidance on IP QoS Class Usage; 6.8 Integrated Services (Intserv) Architectures for QoS; 6.8.1 Integrated Services Architecture (ISA) Principles; 6.8.2 Resource Reservation Protocol (RSVP); 6.8.3 Intserv Service Classes; 6.9 Differentiated Services (Diffserv) for QoS; 6.9.1 Diffserv Architecture; 6.9.2 Traffic Classification; 6.9.3 Traffic Conditioning; 6.9.4 Diffserv Per Hop Behaviour (PHB); 6.9.5 Supporting Intserv Across the Satellite Network Diffserv Domain; 6.10 DVB Over Satellite; 6.10.1 MPEG-2 Source Coding and Multiplexing DVB-S Streams; 6.10.2 DVB-S System; 6.10.3 DVB Security; 6.10.4 Conditional Access in DVB-S; 6.10.5 DVB-RCS Interactive Service and IP over DVB; 6.10.6 DVB-RCS Security; 6.10.7 IP Multicast Security; 6.11 DVB-S and DVB-RCS Network Architecture; 6.11.1 On-Board Processor (OBP); 6.11.2 Management Station (MS); 6.11.3 Regenerative Satellite Gateway (RSGW); 6.11.4 Return Channel Satellite Terminal (RCST); 6.11.5 Network Interface; 6.11.6 Network System Characteristics; 6.12 Network Protocol Stack Architecture; 6.13 The Physical Layer (PHY); 6.13.1 Up-link (DVB-RCS Compliant); 6.13.2 Time Slots; 6.13.3 Frames; 6.13.4 Superframes; 6.13.5 Carrier Type and Frame Composition; 6.13.6 Uplink MF-TDMA Channel Frequency Plan; 6.13.7 Downlink (DVB-S Compliant); 6.13.8 RCS Terminal (RCST) Transmission; 6.14 Satellite MAC (SMAC) Layer; 6.14.1 Transport Mechanisms; 6.14.2 MPEG-2, DVB-S and DVB-RCS Tables; 6.15 Multi Protocol Encapsulation (MPE); 6.16 Satellite Link Control Layer; 6.16.1 Session Control; 6.16.2 Resource Control; 6.16.3 Capacity Request Categories; 6.16.4 Connection Control; 6.17 Quality of Service (QoS); 6.17.1 Traffic Classes; 6.17.2 Flow Classification; 6.17.3 Link Layer Connection QoS Adaptation; 6.18 Network Layer; 6.18.1 IP Routing and Address Resolution; 6.18.2 IP Multicast Star and Mesh Configurations; Further Readings; Exercises

    7 Impact of Satellite Networks on Transport Layer Protocols: 7.1 Introduction; 7.1.1 Application Characteristics; 7.1.2 Client and Server Host Parameters; 7.1.3 Satellite Network Configurations; 7.1.4 TCP and Satellite Channel Characteristics; 7.1.5 TCP Flow Control, Congestion Control and Error Recovery; 7.2 TCP Performance Analysis; 7.2.1 First TCP Segment Transmission; 7.2.2 TCP Transmission in the Slow-start Stage; 7.2.3 TCP Transmission in the Congestion Avoidance Stage; 7.3 Slow-start Enhancement for Satellite Networks; 7.3.1 TCP for Transactions; 7.3.2 Slow-start and Delayed Acknowledgement (ACK); 7.3.3 Larger Initial Window; 7.3.4 Terminating Slow-start; 7.4 Loss Recovery Enhancement; 7.4.1 Fast Retransmission and Fast Recovery; 7.4.2 Selective Acknowledgement (SACK); 7.4.3 SACK Based Enhancement Mechanisms; 7.4.4 ACK Congestion Control; 7.4.5 ACK Filtering; 7.4.6 Explicit Congestion Notification; 7.4.7 Detecting Corruption Loss; 7.4.8 Congestion Avoidance Enhancement Policy; 7.5 Enhancements for Satellite Networks Using Interruptive Mechanisms; 7.5.1 TCP Spoofing; 7.5.2 Cascading TCP or Split TCP; 7.5.3 Other Considerations for Satellite Networking; 7.6 Impacts on Applications; 7.6.1 Bulk Data Transfer; 7.6.2 Interactive Applications; 7.6.3 Distributed Caching for Internet Services and Applications; 7.6.4 Web Caching in Satellite Networks; 7.7 Real-time Transport Protocol (RTP); 7.7.1 Basics of RTP; 7.7.2 RTP Control Protocol (RTCP); 7.7.3 Sender Report (SR) Packets; 7.7.4 Receiver Report (RR) Packets; 7.7.5 Source Description (SDES) RTCP Packet; 7.7.6 SAP and SIP Protocols for Session Initiations; 7.7.7 Session Directory Service (SDS); 7.8 Voice over IP; 7.8.1 Gateway Decomposition; 7.8.2 Protocols; 7.8.3 Gatekeepers; 7.8.4 Multimedia Conferencing (MMC); 7.8.5 Conference Control; Further Readings; Exercises

    8 Next Generation Internet (NGI) over Satellite: 8.1 Introduction; 8.2 New Services and Applications; 8.2.1 Internet Integrated Services; 8.2.2 Elastic and Inelastic Traffic; 8.2.3 QoS Provision and Network Performance; 8.3 Traffic Modelling and Characterisation; 8.3.1 Traffic Engineering Techniques; 8.3.2 Traffic Modelling; 8.3.3 Statistical Methods for Traffic Modelling; 8.3.4 Renewal Models; 8.3.5 Markov Models; 8.3.6 Fluid Models; 8.3.7 Auto-regressive and Moving Average Models; 8.3.8 Self-similar Models; 8.4 The Nature of Internet Traffic; 8.4.1 World Wide Web (WWW); 8.4.2 Pareto Distribution Model for Self-similar Traffic; 8.4.3 Fractional Brownian Motion (FBM) Process; 8.4.4 Consideration of User Behaviour in Traffic Modelling; 8.4.5 Voice Traffic Modelling; 8.4.6 On-off Model for Voice Traffic; 8.4.7 Video Traffic Modelling; 8.4.8 Multi-layer Modelling for WWW Traffic; 8.5 Traffic Engineering; 8.5.1 Traffic Engineering Principles; 8.5.2 Internet Traffic Engineering; 8.6 Multi-protocol Label Switching (MPLS); 8.6.1 MPLS Forwarding Paradigm; 8.6.2 MPLS Basic Operation; 8.6.3 MPLS and Diffserv Interworking; 8.6.4 MPLS and ATM Interworking; 8.6.5 MPLS with Traffic Engineering (MPLS-TE); 8.7 Internet Protocol Version 6 (IPv6); 8.7.1 Basics of Internet Protocol Version 6 (IPv6); 8.7.2 IPv6 Addressing; 8.7.3 IPv6 Networks over Satellites; 8.7.4 IPv6 Transitions; 8.7.5 IPv6 Tunnelling Through Satellite Networks; 8.7.6 The 6to4 Translation via Satellite Networks; 8.7.7 Issues with 6to4; 8.7.8 Future Development of Satellite Networking; Further Readings; Exercises

    Index

    Download: http://www68.zippyshare.com/v/XtssMyns/file.html
  4. Google Cracker V1 By No Network Organization Based On Facebook Cracker V2 By Mauritania Attacker Scan Link: FuckingScan Download: https://drive.google.com/file/d/0By7jLp_VXjqHaUItUVBUOXNnOGs/view
  5. I'm attaching a few books on Linux, networking, Snort and more. Examples: Network Security Guide; O'Reilly - Internet Core Protocols the definitive guide; -"- - Network Warrior; TCP IP Network Administrator; APACHE COOKBOOK; APACHE SECURITY; and more.... Happy reading! DOWNLOAD
  6. Yersinia is a network tool designed to take advantage of some weaknesses in different network protocols. It pretends to be a solid framework for analyzing and testing the deployed networks and systems. Download: https://github.com/tomac/yersinia
  7. Depdep is a merciless sentinel which will seek sensitive files containing critical info leaking through your network. Download: https://github.com/galkan/depdep
  8. Argus is a fixed-model Real Time Flow Monitor designed to track and report on the status and performance of all network transactions seen in a data network traffic stream. Argus provides a common data format for reporting flow metrics such as connectivity, capacity, demand, loss, delay, and jitter on a per transaction basis. The record format that Argus uses is flexible and extensible, supporting generic flow identifiers and metrics, as well as application/protocol specific information. Argus is composed of an advanced comprehensive network flow data generator, the Argus sensor, which processes packets (either capture files or live packet data) and generates detailed network flow status reports of all the flows in the packet stream. Argus captures much of the packet dynamics and semantics of each flow, with a great deal of data reduction, so you can store, process, inspect and analyze large amounts of network data efficiently. Argus provides reachability, availability, connectivity, duration, rate, load, good-put, loss, jitter, retransmission, and delay metrics for all network flows, and captures most attributes that are available from the packet contents, such as L2 addresses, tunnel identifiers (MPLS, GRE, ESP, etc…), protocol ids, SAP’s, hop-count, options, L4 transport identification (RTP, RTCP detection), host flow control indications, etc. Argus is used by many sites to generate network activity reports for every network transaction on their networks. The network audit data that Argus generates is great for security, operations and performance management. The data is used for network forensics, non-repudiation, network asset and service inventory, behavioral baselining of server and client relationships, detecting covert channels, and analyzing Zero day events. 
Argus is an Open Source project, currently running on Mac OS X, Linux, Solaris, FreeBSD, OpenBSD, NetBSD, AIX, IRIX, Windows (under Cygwin) and OpenWrt, and has been ported to many hardware accelerated platforms, such as Bivio, Pluribus, Arista, and Tilera. The software should be portable to many other environments with little or no modifications. Performance is such that auditing an entire enterprise’s Internet activity can be accomplished using modest computing resources. Download: ARGUS- Auditing Network Activity - Getting Argus
  9. A script that automates the commands for network sniffing with sslstrip. Commands: To use ettercap, use the command Yet Another Man in The Middle Automation Script. Download Link:
  10. AIEngine is a packet inspection engine with capabilities of learning without any human intervention. AIEngine helps network/security professionals to identify traffic and develop signatures to use on NIDS, firewalls, traffic classifiers and so on.

    Using AIEngine

    To use AIEngine just execute the binary aiengine:

    luis@luis-xps:~/c++/aiengine/src$ ./aiengine -h
    iaengine 0.1
    Mandatory arguments:
      -I [ --interface ] arg            Sets the network interface.
      -P [ --pcapfile ] arg             Sets the pcap file.
    Link Layer optional arguments:
      -q [ --tag ] arg                  Selects the tag type of the ethernet layer (vlan,mpls).
    TCP optional arguments:
      -t [ --tcp-flows ] arg (=32768)   Sets the number of TCP flows on the pool.
    UDP optional arguments:
      -u [ --udp-flows ] arg (=16384)   Sets the number of UDP flows on the pool.
    Signature optional arguments:
      -R [ --enable-signatures ]        Enables the Signature engine.
      -r [ --regex ] arg (=.*)          Sets the regex for evaluate agains the flows.
      -c [ --flow-class ] arg (=all)    Uses tcp, udp or all for matches the signature on the flows.
    Frequencies optional arguments:
      -F [ --enable-frequencies ]       Enables the Frequency engine.
      -g [ --group-by ] arg (=dst-port) Groups frequencies by src-ip,dst-ip,src-port and dst-port.
      -f [ --flow-type ] arg (=tcp)     Uses tcp or udp flows.
      -L [ --enable-learner ]           Enables the Learner engine.
      -k [ --key-learner ] arg (=80)    Sets the key for the Learner engine.
    Optional arguments:
      -k [ --stack ] arg (=lan)         Sets the network stack (lan,mobile).
      -d [ --dumpflows ]                Dump the flows to stdout.
      -s [ --statistics ] arg (=0)      Show statistics of the network stack.
      -p [ --pstatistics ]              Show statistics of the process.
      -h [ --help ]                     Show help.
      -v [ --version ]                  Show version string.

    Integrating AIEngine with other systems

    AIEngine has a Python module in order to be more flexible in terms of integration with other systems and functionalities. The main objects that the Python module provides are the following. Check the wiki pages for more examples.

    Flow
      |---> getDestinationAddress
      |---> getDestinationPort
      |---> getFrequencies
      |---> getHTTPHost
      |---> getHTTPUserAgent
      |---> getPacketFrequencies
      |---> getProtocol
      |---> getSourceAddress
      |---> getSourcePort
      |---> getTotalBytes
      |---> getTotalPackets
      |---> getTotalPacketsLayer7
    FlowManager
    Frequencies
      |---> getDispersion
      |---> getEnthropy
      |---> getFrequenciesString
    HTTPHost
    HTTPUserAgent
    LearnerEngine
      |---> agregateFlows
      |---> compute
      |---> getRegularExpression
      |---> getTotalFlowsProcess
    NetworkStack
      |---> enableFrequencyEngine
      |---> enableLinkLayerTagging
      |---> getTCPFlowManager
      |---> getUDPFlowManager
      |---> printFlows
      |---> setStatisticsLevel
      |---> setTCPSignatureManager
      |---> setTotalTCPFlows
      |---> setTotalUDPFlows
      |---> setUDPSignatureManager
    PacketDispatcher
      |---> closeDevice
      |---> closePcapFile
      |---> openDevice
      |---> openPcapFile
      |---> run
      |---> runPcap
      |---> setStack
    PacketFrequencies
      |---> getPacketFrequenciesString
    Signature
      |---> getExpression
      |---> getMatchs
      |---> getName
    SignatureManager
      |---> addSignature
    StackLan
      |---> enableFrequencyEngine
      |---> enableLinkLayerTagging
      |---> getTCPFlowManager
      |---> getUDPFlowManager
      |---> printFlows
      |---> setStatisticsLevel
      |---> setTCPSignatureManager
      |---> setTotalTCPFlows
      |---> setTotalUDPFlows
      |---> setUDPSignatureManager
    StackMobile
      |---> enableFrequencyEngine
      |---> enableLinkLayerTagging
      |---> getTCPFlowManager
      |---> getUDPFlowManager
      |---> printFlows
      |---> setStatisticsLevel
      |---> setTCPSignatureManager
      |---> setTotalTCPFlows
      |---> setTotalUDPFlows
      |---> setUDPSignatureManager

    Compile AIEngine

    $ git clone git://bitbucket.com/camp0/aiengine
    $ ./autogen.sh
    $ ./configure
    $ make

    Contributing to AIEngine

    AIEngine is under the terms of GPLv2 and is under development. Check out the AIEngine source with

    $ git clone git://bitbucket.com/camp0/aiengine

    https://bitbucket.org/camp0/aiengine/
  11. flofy

    University!

    Hi, I will soon have to apply to a study programme in IT in Denmark and I need some guidance, in particular if you can give me some advice for the future: roughly which field I should "attack" and which one has a future: -Computer Science Computer Science in Denmark -IT Network & Electronics Technology IT Network & Electronics Technology in Denmark at UCN - Study INET -Design, Technology & Business (Graphics) Design, Technology & Business (Graphics) in Denmark Thanks in advance.
  12. I would like to know what you here think about this. As we all know, securing servers and networks is not an easy job to do; personally I think it is impossible to close out all vulnerabilities with an open network such as the internet, but OK, it is possible to make it as difficult as possible. But is it safe to secure governmental networks so no one can come in anymore? What I mean is this: in a country like the Netherlands the government is managing to keep the corruption and crimes they commit covered up and secret. It is not the kind of corruption we know here; there it is about child rape, child murders, murders, tortures, fraud and molesting which are committed by law enforcement and the justice department. With intimidation, discrediting and destruction of people they manage to keep the corruption covered up. This even reaches up to the EU council and the EU court of human rights. Emails sent to NGO organisations are often intercepted by the government. When you make networks really secure, such criminal governments become impossible to monitor, and the end is out of sight. You can say then that a safe network or server becomes unsafe for the population. On the other hand, an unsecured network is unsafe because the information that must be protected is open to air. How wishful is it then to secure governmental networks?
  13. Snorby Cloud is an instantly deployable, usable, and hassle free Security Monitoring solution. Deploy your own Network & Host Security Monitoring solution in 5 minutes. Cloud Snorby TRIAL 24h
  14. Hi guys, I have a problem that I have not run into until now on any other computer (not even one). The internet connection is from RDS, as the title says, and when it connects with the username and password, several networks appear [Network 1, 2, 3, etc.]. The thing is that sometimes the internet works without problems, although the ! sign shows next to the network in the bottom-right bar, but at other times there is no internet at all. I redid the RDS connection and I see it no longer acts up, but it still has the ! sign. I also put a picture below so you can understand the "effect". Has this happened to anyone else?! Concrete advice would help me a lot, and by no means should this become a place for tossing opinions around like a ball on a football field. Thanks in advance. http://img651.imageshack.us/img651/9661/ntwrk.jpg
  15. Starting from 2012, I can say that the Earth revolves not only around the Sun but also around an object that can be called the "Social Network". I have always tried to keep a certain limit when it comes to personal identity and to expose as little data as possible on the internet. Google asked me for my phone number, LinkedIn asked for a CV and a lot of other data, Blogspot for a small photo, eBay for all my personal data including a credit card. Out of necessity I had to satisfy each of them, yet I still declined to publish personal data classed as confidential, and I managed to convince eBay, for example, that the address where the product has to be sent, the credit card and the PayPal account do not necessarily have to be mine. I ignored Facebook and the rest of the social network portals because I considered them a big waste of time. If you have not created an account on a social network so far, do not waste your time creating one. I have never created a personal Yahoo account and have not used their portal because, to be honest, I would have preferred Google (only because I have always respected what Sergey Brin and Larry Page did, not for the commercial concept this portal has today). The only thing that still ties me to Yahoo is the Yahoo Finance portal, for the various options it offers.
I started this article talking about various portals, but I will continue with Amazon. In the end, in 2012 I also created an Amazon account because I found this Ebook that it offers, namely the Kindle, interesting. As with the iPhone, there are various types of Kindle, and I decided to get something simple for reading books; the Kindle Touch (no ads) version was the ideal one, because the Kindle Fire is no longer an Ebook reader (in my opinion) but a real iPad. Note that they have different prices, and you pay more if you want a (no ads) device. I opened the package, pressed the button, the display lit up, and the first thing that appeared was a Hello followed by my name. OK, so Amazon knows what I am called. The second time I accessed the portal, Amazon started making various suggestions of products I should buy next, namely: 1. It tells me I should buy a charger for the Kindle. 2. It tells me I should buy a cover. 3. It tells me I am also missing a screen protector for the Kindle. 4. It tells me I cannot read in the dark unless I also get a Reading Lights type of device. This means that Amazon makes decisions for me and knows what is best. Most people talk about freedom while others decide how your pleasure should be satisfied, or rather give you an order, but it is not nice to say order, because most people believe they buy because they decided personally, without being forced, even if that is not so.
The Kindle has wireless, and probably everyone is happy about that because they can connect to the internet, but there is a logic to it all: once you load your books onto the device and connect to the internet, Amazon downloads metadata for every book you have on the Kindle, and after a short while, if you connect to their portal again, Amazon also knows which books you like to read; and if you do another Search, only the products that interest you appear, because Amazon has done data mining and knows what you actually want. Every query made in the Kindle's browser is tracked by Amazon, and Amazon knows how many pages of a book you have read and which page you stopped at. (A legalized commercial keylogger) Another important feature of this device is that it lets you select text from the books you read and add a NOTE, so you can at any time have a separate bookmark of some lines from a text that may interest you and that you would like to save in a single place. Once you highlight a paragraph, it is saved in a single place called "My Clippings", and when you connect to the internet everything is synchronized with the Amazon portal. Once again Amazon pokes its nose in to see what interests you, and the next time you do a Search it will push in your face first the products that have some connection with what you like. In any case, subconsciously you will believe that you actually want to buy this thing because you liked it very much, but once again someone else has made the decision for you. To obtain more data, Amazon also brought a Kindle 3G to market, where Amazon pays for your internet connection (Works Globally) only for the Amazon portal and Wikipedia (one more resource for data mining). Obviously you cannot change the name of a book on the Kindle unless you have an external Ebook management application such as Calibre, but the Kindle concept was designed so that you connect to the internet and download metadata from the Amazon portal, so next to your name, which already comes stamped in when you receive the device, your data will sit as well.
Another aspect regarding Amazon: when you buy an item on their portal, Amazon prepares a form for you with a Facebook Share button for the item you bought, to remind you not to forget to show off to others with the item you bought, so new customers will come. Once again we talk about freedom, but others play with our pleasures and decide what we should believe we actually need. Amazon created an Ebook format, namely AZW, and also offers an online service where you can convert various other formats such as PDF to AZW, because even though the Kindle supports PDF, do not think you will be able to read PDFs the way you imagine: the text format has to be structured for the 6-inch display so that the page layout suits the reader; otherwise you will see only the first vertical half of the page. Well, to convert a format to AZW, the document has to be sent directly to Amazon and you will receive it directly on the Kindle, so Amazon already created an e-mail address for you when you bought this device, and it looks something like yourname[@]kindle.com (once again it forces you to connect the device to the internet to check the e-mail, and at the same time you synchronize your data with them). So my wish to read books on an Ebook became a public matter that has to be shared with Amazon, and the next 2 things bought on Amazon were chosen directly by them, because they were a necessity for what I bought initially, and I only pressed the Order button. What can I say about the structure of this device from a hardware point of view?
,Freescale 532 MHz, ARM-11cu un Kernel Linux si foloseste o tehnologie E Ink (electrophoretic ink) care este destul de perfecta pentru a citi carti deci in loc sa le cititi in fata unui calculator sau in fata unui Ipad care sunt mult mai daunatoare pentru ochi ar fi de preferat sa le cititi in fata unui Ebook reader Alb/Negru.Pentru a mentine datele personale in sacul vostru nu conectati acest dispozitiv la internet si incercati sa folositi diverse alte aplicatii pentru a modifica metadata pentru fiecare ebook in parte precum Calibre.Dispozitivul citeste corect formaturi ca MOBI deci convertiti PDF in MOBI pentru a avea un rezultat mai bun. In rest as putea adauga urmatoarele: Un Kindle care nu este conectat la internet este mai sigur decat un Kindle conectat la internet dar avand in vedere faptul ca nu sunteti liberi vi se vor da ordine in asa fel incat sa luati singuri decizia de a actiona pe placul altora crezand ca va veti satisface placerile voastre. Peace!
  16. We have the following network:

                         +++++++++++   (blade)
                         +  Router +   192.168.123.111
                         +++++++++++          ****************
                              |               *--------------*
                              |               *-   ZONE1    -*
                              |               *--------------*
                              |               *- Solaris 10 -*
                              |______________ *--------------*
                              |192.168.123.0  *-  SPARC 64  -*
                              | (Subnet1)     *-   Router   -*
                              |               *--------------*
                              |               ****************
                              |               192.168.123.110
                              |                   (BLADE)
                              |
                          ---------
                          -  NAT  -
                          ---------
                              |
     Subnet1 Address          | 192.168.123.0
     Netmask Address          | 255.255.255.0
     IP Pool Starting Address | 100
     IP Pool Ending Address   | 200
    __________________________|________________________________________
          |                   |               |                |
    --------------       ----------     -------------   ---------------
    -   Debian   -       - Fedora -     -  FreeBSD  -   -   Centos    -
    --------------       ----------     -------------   ---------------
    192.168.123.100         DHCP        192.168.123.107 192.168.123.105

We will isolate the CentOS server 192.168.123.105 in a separate subnet so that it cannot be accessed by the other servers in Subnet1. Optionally, we will leave SSH access to it open only from the external network (Internet).

1. We will create a router on the server (Blade 192.168.123.110) with a new subnet 10.0.0.0.

We will create the following class A subnet2:

    Network      class A
    IP Address   10.0.0.1
    Subnet Mask  255.255.255.252
    Broadcast    10.0.0.3
    Host range   10.0.0.1 (Router), 10.0.0.2 Host Centos (redman)

Settings on the Blade, Solaris 10 (Router)

We will allocate a physical interface for subnet2.

Show interface:

    [blade]# dladm show-dev | sort -n | awk '{ print $1,$2,$3,$7,$8 }'
    bge0 link: up duplex: full
    bge1 link: up duplex: full
    qfe4 link: down duplex: unknown
    qfe5 link: down duplex: unknown
    qfe6 link: down duplex: unknown
    qfe7 link: up duplex: full

We currently have 3 network interfaces that are up:

    bge0 link: up duplex: full
    bge1 link: up duplex: full
    qfe7 link: up duplex: full

We will use the following:

    qfe7 -> external interface connected directly to the internet
    bge1 -> internal interface on which we will create a subnet

We will enable IP forwarding and routing on the system:

    routeadm -u -e ipv4-forwarding
    routeadm -u -e ipv4-routing

We will enable ipfilter:

    svcadm -v enable svc:/network/pfil:default
    svcadm -v enable svc:/network/ipfilter:default
    svcadm -v enable svc:/system/rmtmpfiles:default

We will add the interfaces to the firewall's configuration file:

    echo "bge -1 0 pfil" >> /etc/ipf/pfil.ap
    echo "qfe -1 0 pfil" >> /etc/ipf/pfil.ap

To verify that IP forwarding and routing were set correctly:

    [blade]# routeadm | head
                  Configuration   Current              Current
                         Option   Configuration        System State
    ---------------------------------------------------------------
                   IPv4 routing   enabled              enabled
                   IPv6 routing   disabled             disabled
                IPv4 forwarding   enabled              enabled
                IPv6 forwarding   disabled             disabled

               Routing services   "route:default ripng:default"
    [blade]#

Configuring the interface for the subnet:

    # plumb the interface first, then assign the address and bring it up
    ifconfig bge1 plumb
    ifconfig bge1 10.0.0.1 netmask 255.255.255.252 broadcast 10.0.0.3 up
    # make the address and the netmask persistent across reboots
    echo 10.0.0.1 > /etc/hostname.bge1
    echo "10.0.0.0 255.255.255.252" >> /etc/netmasks

    [blade]# ifconfig bge1
    bge1: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu 1500 index 3
            inet 10.0.0.1 netmask fffffffc broadcast 10.0.0.3
            ether x:xx:xx:xx:xx:xx
    [blade]#

INIT restart:

    init 6

Configuring the redman server (CentOS)

We will configure the server's network interface:

    ifconfig eth2 10.0.0.2 netmask 255.255.255.252 broadcast 10.0.0.3
    route add default gw 10.0.0.1 eth2
    ifconfig eth2 up

    [root@redman ~]# ifconfig eth2
    eth2      Link encap:Ethernet  HWaddr 00:xx:xx:xx:xx:xx
              inet addr:10.0.0.2  Bcast:10.0.0.3  Mask:255.255.255.252
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:418 errors:0 dropped:0 overruns:0 frame:0
              TX packets:236 errors:1 dropped:0 overruns:0 carrier:1
              collisions:0 txqueuelen:1000
              RX bytes:36660 (35.8 KiB)  TX bytes:22175 (21.6 KiB)
    [root@redman ~]#

Note: The settings on CentOS will not persist across a reboot. To make them persist, a directive has to be created in /etc/sysconfig/network-scripts, which I will not do because I do not need static settings.

We will create a rule on the router (BLADE Solaris 10) to allow SSH to redman (CentOS). Here we set up port forwarding:

    echo 'rdr qfe7 192.168.123.111 port 4444 -> 10.0.0.2 port 22' >> /etc/ipf/ipnat.conf
    ipnat -C -f /etc/ipf/ipnat.conf

To check the NAT rules:

    [blade]# ipnat -l
    List of active MAP/Redirect filters:
    rdr qfe7 192.168.123.111/32 port 4444 -> 10.0.0.2 port 22 tcp

    List of active sessions:
    [blade]#

In the end we will have the following result:

                              ##########
                              #internet#
                              #####.####
                                   .
                   ----------------.----------
                   - SSH PKI redman port 4444-
                   ----------------.----------
                                   .
                                   .
                          +++++++++.+   (blade)
                          +  Router.+   192.168.123.111
                          +++++++++.+        ****************
                              |    .         *--------------*
                              |    .         *-   ZONE1    -*                          (redman)
                              |    .................................    (Netmask)      10.0.0.2
                             _______________ *- Solaris 10 -*      . 255.255.255.252   ------------
                              |192.168.123.0 *--------------*__ NAT ___________________-  Centos  -
                              | (Subnet1)    *-  SPARC 64  -*      .    10.0.0.1       ------------
                              |              *- Router/FW  -*      .    (subnet2)           |
                              |              *--------------*      .                   -----------
                              |              ****************      .                   - SSH PKI -
                              |              192.168.123.110       .                   - port 22 -
                              |                  (BLADE)           .                   -----.-----
                              |                                    ..........................
                          ---------
                          -  NAT  -
                          ---------
                              |
     Subnet1 Address          | 192.168.123.0
     Netmask Address          | 255.255.255.0
     IP Pool Starting Address | 100
     IP Pool Ending Address   | 200
    __________________________|____________________________
          |                   |                     |
    --------------       ----------            ------------
    -   Debian   -       - Fedora -            - FreeBSD  -
    --------------       ----------            ------------
    192.168.123.100         DHCP            192.168.123.107
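A way to check that the SSH forward above stays the only exposure on the router, as an added example that is not part of the original post: the script reads `ipnat.conf` content (or `ipnat -l` output) on stdin and compares every `rdr` rule with an allow-list. The function names, the `;`-separated allow-list format and the sample rules are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit IPFilter NAT "rdr" rules against an allow-list.
# Rule form handled (the one used in the post):
#   rdr <iface> <ext_ip>[/32] port <ext_port> -> <int_ip> port <int_port> [proto]

# Allowed exposures, ';'-separated: "iface ext_ip ext_port int_ip int_port".
# The single entry is the SSH forward from the post.
ALLOWED='qfe7 192.168.123.111 4444 10.0.0.2 22'

# audit_rdr: read rules on stdin, print "OK|UNEXPECTED|UNPARSED <line>: <rule>".
audit_rdr() {
  awk -v allowed="$ALLOWED" '
    BEGIN { n = split(allowed, a, ";"); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 != "rdr" { next }                 # comments, blanks, map rules, headers
    NF < 9 || $4 != "port" || $6 != "->" || $8 != "port" {
      print "UNPARSED " NR ": " $0; next # a form this sketch does not model
    }
    {
      ext = $3; sub(/\/32$/, "", ext)    # "ipnat -l" prints the /32 host mask
      key = $2 " " ext " " $5 " " $7 " " $9
      verdict = (key in ok) ? "OK" : "UNEXPECTED"
      print verdict " " NR ": " $0
    }'
}

# count_unexpected: number of rdr rules on stdin that are not on the allow-list.
count_unexpected() { audit_rdr | awk '$1 != "OK" { n++ } END { print n + 0 }'; }

# sample_rules: constructed input; only the first two rules match the post.
sample_rules() {
  cat <<'EOF'
# /etc/ipf/ipnat.conf (constructed sample)
rdr qfe7 192.168.123.111 port 4444 -> 10.0.0.2 port 22
rdr qfe7 192.168.123.111/32 port 4444 -> 10.0.0.2 port 22 tcp
rdr qfe7 192.168.123.111 port 8080 -> 10.0.0.2 port 80
rdr qfe7 0.0.0.0/0 port 2222 -> 192.168.123.100 port 22 tcp
EOF
}

sample_rules | audit_rdr
```

On the router the same functions take the live table, for instance `ipnat -l | count_unexpected`, and any result other than 0 means a forward exists that the isolation plan did not intend.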
  17. In this HowTo I will describe the steps needed to configure the network with a static IP address on a Unix/Solaris system. Most of the commands that are part of SMF can be used starting with Solaris versions 9, 10, 11.

In Unix everything is a file, a rule I hope many have already imprinted in their brains, and as you already know, to make any kind of setting you have to modify files that we can call configuration files. The data stored in these files is read by the system and executed. By this point I hope you have a clear idea of how a Unix system works as far as files are concerned.

To configure a network interface with a static IP, a few files have to be created. The name of a network interface derives from the name of the driver that drives the interface plus the interface number, (0) being the first interface and (1) the second. The data needed to configure the network interface is:

- An IP address (192.168.123.105)
- A subnet address + netmask (192.168.123.0 255.255.255.0)
- A host name (eclipse)
- A gateway (192.168.123.254)
- One or more nameservers (192.168.123.254)

It is assumed that the environment where the configuration is done uses a router that acts as the gateway to the internet.

It is assumed that the driver for the network interface is installed and that the interface is recognized by the system:

    [eclipse]# dladm show-dev
    nfo0 link: unknown speed: 100 Mbps duplex: unknown

It is assumed that the network interface is already in the enabled state:

    ifconfig nfo0 plumb up

Note: I used these examples to configure an internal host on my network; the IP addresses have to be changed according to the internal IP ranges and classes you have.

The network interface I will configure in the following examples is nfo0, nfo being the driver that drives it and the value (0) being the interface number (the first network interface of this system).

Note: A small observation is that lo0 also has the value 0, but it is the first loopback interface. It is normal that it is not numbered 1, because it has nothing to do with the physical interface; so it is not the second interface in the system but also a first interface, just not a physical one.

Let us assume, however, that the system initially uses DHCP to get an IP address. In that case the following file exists on the system:

    /etc/dhcp.nfo0

It is an empty file with no data, but an important one, because its existence makes the DHCP agent run on the system. On Solaris 10 this can be checked with the SMF commands:

    svcs -a | grep -i agent
    disabled 0:37:32 svc:/application/management/common-agent-container-1:default

Note: If the file /etc/dhcp.nfo0 exists, common-agent-container will also be running, so it will be online and not disabled.

To switch to a static configuration, the file /etc/dhcp.nfo0 has to be removed if it exists; note that by default it does not exist and that the network interface has to be configured manually in any case, whether statically or dynamically.

Once these checks have been made, the static configuration can begin. As I said, this procedure involves configuring some files, or rather putting some data into a few files.

The first file to create is the network interface's file, which will hold the static IP address we are configuring:

    echo "192.168.123.105" > /etc/hostname.nfo0

The second file is /etc/netmasks, where we enter the subnet address and the netmask:

    echo "192.168.123.0 255.255.255.0" >> /etc/netmasks

The third file to create is /etc/defaultrouter, which holds the gateway:

    echo "192.168.123.254" > /etc/defaultrouter

The fourth file to create is /etc/defaultdomain, with the host name:

    echo "eclipse" > /etc/defaultdomain

Another file to populate is /etc/hosts:

    echo "192.168.123.105 eclipse" >> /etc/hosts

We also specify the DNS servers for the connection in a file. The nameserver can be the gateway address or, if there is one, the address of a different nameserver:

    echo "nameserver 192.168.123.254" > /etc/resolv.conf

The last file to configure is /etc/nsswitch.conf, and it is very important, because without the correct directive in this file name resolution will not work. First of all, if /etc/nsswitch.conf does not exist, a copy can be taken from /etc/nsswitch.files. What matters is that the following directive is specified:

    hosts: dns files

By default it is usually just:

    hosts: files

Once these options are configured, the network can be restarted:

    [eclipse]# svcs -a | grep physical
    online 13:50:12 svc:/network/physical:default
    [eclipse]# svcadm restart svc:/network/physical:default

A simple ifconfig shows that we are not using a DHCP server to assign the IP address:

    [eclipse]# ifconfig -a
    lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
            inet 127.0.0.1 netmask ff000000
    nfo0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
            inet 192.168.123.105 netmask ffffff00 broadcast 192.168.123.255
            ether 0:x:xx:xx:xx:xx

Note: When the IP is assigned by a DHCP server, ifconfig shows the following output:

    [eclipse]# ifconfig -a
    lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
            inet 127.0.0.1 netmask ff000000
    nfo0: flags=1004843<UP,BROADCAST,RUNNING,MULTICAST,DHCP,IPv4> mtu 1500 index 2
            inet 192.168.123.105 netmask ffffff00 broadcast 192.168.123.255
            ether x:x:xx:xx:xx:xx

The routing table can also be checked to see whether everything was configured properly:

    [eclipse]# netstat -rn

    Routing Table: IPv4
      Destination           Gateway           Flags  Ref     Use     Interface
    -------------------- -------------------- ----- ----- ---------- ---------
    default              192.168.123.254      UG        1        225
    192.168.123.0        192.168.123.105      U         1         15 nfo0
    127.0.0.1            127.0.0.1            UH        1         64 lo0

Happy static internet navigation!!!
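A consistency check for the files written in the steps above, as an added example that is not part of the original post: it confirms that no DHCP marker file is left, that the address in `/etc/hostname.<iface>` is covered by a row in `/etc/netmasks`, and that the default router sits on the same subnet. The `ROOT` argument (a directory holding a copy of `/etc`), the function names, the fixture and the assumption that the hostname file holds a dotted IP address, as in the post, belong to this example.

```shell
#!/bin/sh
# Added example: consistency check for the flat files of a Solaris static-IP setup.
# ROOT is a directory holding a copy of /etc (an assumption of this sketch).

ip2int() {                        # A.B.C.D -> integer
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}
int2ip() {                        # integer -> A.B.C.D
  echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}
network()   { int2ip $(( $(ip2int "$1") & $(ip2int "$2") )); }
broadcast() { int2ip $(( $(ip2int "$1") | (~$(ip2int "$2") & 4294967295) )); }

# check_static ROOT IFACE: print findings, return 0 only when the files agree.
check_static() {
  root=$1; iface=$2; rc=0; mask=
  if [ -e "$root/etc/dhcp.$iface" ]; then
    echo "FAIL /etc/dhcp.$iface exists, so the interface still asks DHCP"; rc=1
  fi
  if [ ! -s "$root/etc/hostname.$iface" ]; then
    echo "FAIL /etc/hostname.$iface is missing or empty"; return 1
  fi
  addr=$(cat "$root/etc/hostname.$iface")
  while read -r net m; do         # first /etc/netmasks row that covers addr
    case $net in ''|'#'*) continue ;; esac
    if [ -z "$mask" ] && [ "$(network "$addr" "$m")" = "$net" ]; then mask=$m; fi
  done < "$root/etc/netmasks"
  if [ -z "$mask" ]; then
    echo "FAIL no /etc/netmasks row covers $addr"; return 1
  fi
  echo "OK   $addr netmask $mask broadcast $(broadcast "$addr" "$mask")"
  gw=$(cat "$root/etc/defaultrouter" 2>/dev/null || true)
  if [ -z "$gw" ] || [ "$(network "$gw" "$mask")" != "$(network "$addr" "$mask")" ]; then
    echo "FAIL default router '$gw' is not on the same subnet as $addr"; rc=1
  fi
  return $rc
}

# make_fixture DIR: constructed copy of the values used in the post.
make_fixture() {
  mkdir -p "$1/etc"
  echo "192.168.123.105" > "$1/etc/hostname.nfo0"
  echo "192.168.123.0 255.255.255.0" > "$1/etc/netmasks"
  echo "192.168.123.254" > "$1/etc/defaultrouter"
}

demo=$(mktemp -d); make_fixture "$demo"
check_static "$demo" nfo0          # prints the OK line for 192.168.123.105
rm -rf "$demo"
```

Run against the real system it is called as `check_static "" nfo0`, since an empty `ROOT` resolves the paths to `/etc` itself.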
  18. CCNA (Cisco Certified Network Associate): I have been taking this course for 2 months and would like your opinion, because I do not know whether it is a good first step.
  19. Hello. Is there a special area on the site for those interested in networking? (Such as tutorials about programming or anything else.)